From a2ee42495e276a266efe9db037c0d8ffc57dda00 Mon Sep 17 00:00:00 2001
From: Morten Olsen <fbtijfdq@void.black>
Date: Thu, 20 Nov 2025 23:02:59 +0100
Subject: [PATCH] add mollysocket

---
 charts/apps/mollysocket/Chart.yaml            |  3 +
 .../templates/_external-http-service.yaml     | 11 +++
 .../mollysocket/templates/deployment.yaml     | 88 +++++++++++++++++++
 .../mollysocket/templates/http-service.yaml   | 11 +++
 charts/apps/mollysocket/templates/pvc.yaml    | 11 +++
 .../apps/mollysocket/templates/service.yaml   | 15 ++++
 charts/apps/mollysocket/values.yaml           |  5 ++
 charts/apps/ntfy/templates/deployment.yaml    |  2 +
 helmfile.yaml                                 |  5 ++
 9 files changed, 151 insertions(+)
 create mode 100644 charts/apps/mollysocket/Chart.yaml
 create mode 100644 charts/apps/mollysocket/templates/_external-http-service.yaml
 create mode 100644 charts/apps/mollysocket/templates/deployment.yaml
 create mode 100644 charts/apps/mollysocket/templates/http-service.yaml
 create mode 100644 charts/apps/mollysocket/templates/pvc.yaml
 create mode 100644 charts/apps/mollysocket/templates/service.yaml
 create mode 100644 charts/apps/mollysocket/values.yaml

diff --git a/charts/apps/mollysocket/Chart.yaml b/charts/apps/mollysocket/Chart.yaml
new file mode 100644
index 0000000..f8ca44b
--- /dev/null
+++ b/charts/apps/mollysocket/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: mollysocket
diff --git a/charts/apps/mollysocket/templates/_external-http-service.yaml b/charts/apps/mollysocket/templates/_external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/mollysocket/templates/_external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+  name: '{{ .Release.Name }}'
+spec:
+  environment: '{{ .Values.globals.environment }}'
+  subdomain: '{{ .Values.subdomain }}'
+  destination:
+    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+    port:
+      number: 80
diff --git a/charts/apps/mollysocket/templates/deployment.yaml b/charts/apps/mollysocket/templates/deployment.yaml
new file mode 100644
index 0000000..ce1a249
--- /dev/null
+++ b/charts/apps/mollysocket/templates/deployment.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Release.Name }}"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Release.Name }}"
+    spec:
+      initContainers:
+        - name: mollysocket-vapid-gentor
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" # Use the mollysocket image itself
+          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          command: ["sh", "-c"]
+          args:
+            - |
+              # Define paths within the volume
+              VAPID_DIR="/data/vapid"
+              PRIVATE_KEY_PATH="${VAPID_DIR}/private_key.txt"
+
+              echo "Checking for existing VAPID keys in ${VAPID_DIR}..."
+
+              # Create the VAPID directory if it doesn't exist
+              mkdir -p "${VAPID_DIR}"
+
+              # Check if the private key file already exists
+              if [ -f "${PRIVATE_KEY_PATH}" ]; then
+                echo "VAPID private key already exists. Skipping generation."
+              else
+                echo "VAPID private key not found. Generating new keys..."
+                # Run the mollysocket command to generate keys
+                # The output format is:
+                # VAPD private key: <private_key_string>
+
+                mollysocket vapid gen > "${PRIVATE_KEY_PATH}"
+              fi
+          volumeMounts:
+            - mountPath: /data # Mount the PVC here, same as the main container
+              name: data
+      containers:
+        - name: "{{ .Release.Name }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          args: ["serve"]
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          ports:
+            - name: http
+              containerPort: 8020
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+          readinessProbe:
+            tcpSocket:
+              port: http
+          env:
+            - name: TZ
+              value: "{{ .Values.globals.timezone }}"
+            - name: MOLLY_DB
+              value: /data/db.sqlite
+            - name: MOLLY_HOST
+              value: 0.0.0.0
+            - name: MOLLY_PORT
+              value: '8020'
+            - name: MOLLY_VAPID_KEY_FILE
+              value: /data/vapid/private_key.txt
+            - name: MOLLY_ALLOWED_ENDPOINTS
+              value: '["*","https://ntfy.{{ .Values.globals.domain }}/"]'
+            - name: RUST_LOG
+              value: info
+          volumeMounts:
+            - mountPath: /data
+              name: data
+
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: "{{ .Release.Name }}-data"
diff --git a/charts/apps/mollysocket/templates/http-service.yaml b/charts/apps/mollysocket/templates/http-service.yaml
new file mode 100644
index 0000000..15b1989
--- /dev/null
+++ b/charts/apps/mollysocket/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  environment: "{{ .Values.globals.environment }}"
+  subdomain: "{{ .Values.subdomain }}"
+  destination:
+    host: "{{ .Release.Name }}"
+    port:
+      number: 80
diff --git a/charts/apps/mollysocket/templates/pvc.yaml b/charts/apps/mollysocket/templates/pvc.yaml
new file mode 100644
index 0000000..aeca898
--- /dev/null
+++ b/charts/apps/mollysocket/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: "{{ .Release.Name }}-data"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+  storageClassName: "{{ .Values.globals.environment }}"
diff --git a/charts/apps/mollysocket/templates/service.yaml b/charts/apps/mollysocket/templates/service.yaml
new file mode 100644
index 0000000..48a5821
--- /dev/null
+++ b/charts/apps/mollysocket/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Release.Name }}"
+  labels:
+    app: "{{ .Release.Name }}"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 8020
+      protocol: TCP
+      name: http
+  selector:
+    app: "{{ .Release.Name }}"
diff --git a/charts/apps/mollysocket/values.yaml b/charts/apps/mollysocket/values.yaml
new file mode 100644
index 0000000..9c4f4ae
--- /dev/null
+++ b/charts/apps/mollysocket/values.yaml
@@ -0,0 +1,5 @@
+image:
+  repository: ghcr.io/mollyim/mollysocket
+  tag: latest
+  pullPolicy: IfNotPresent
+subdomain: mollysocket
diff --git a/charts/apps/ntfy/templates/deployment.yaml b/charts/apps/ntfy/templates/deployment.yaml
index f801fe5..770f44e 100644
--- a/charts/apps/ntfy/templates/deployment.yaml
+++ b/charts/apps/ntfy/templates/deployment.yaml
@@ -50,6 +50,8 @@ spec:
               value: /var/lib/ntfy/attachments
             - name: NTFY_ENABLE_LOGIN
               value: 'true'
+            - name: NTFY_REQUIRE_LOGIN
+              value: 'true'
           volumeMounts:
             - mountPath: /var/lib/ntfy
               name: data
diff --git a/helmfile.yaml b/helmfile.yaml
index b113089..d8dd5b1 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -176,3 +176,8 @@ releases:
     namespace: prod
     values:
       - values.yaml
+  - name: mollysocket
+    chart: charts/apps/mollysocket
+    namespace: prod
+    values:
+      - values.yaml